In order to preserve the integrity of its computer system, a company typically maintains an information technology (IT) department that is responsible for setting security standards for compliance. Verifying compliance with security standards often involves determining the security settings on the system, determining the software installed on the system, determining the Internet Web sites visited by users of the system, collecting and compiling data from the system in a meaningful way, and ensuring compliance for all servers and all workstations in the system.
In the past, remote scanners have been used to determine the security settings of a computer. The effectiveness of such remote scanners has been limited, however, due to the inability to check all the settings needed to verify compliance with the standards set forth by the security department. Accordingly, IT personnel often must go from computer to computer and manually check the settings that could not be checked using the remote scanner. Performing a complete verification of all computers thus may require a significant amount of time.
Determining installed software traditionally has been accomplished by scanning an individual computer. Scanning can be done locally by performing a manual check of the computer for installed software or remotely by using a Systems Management Server (SMS), for example. These methods have significant drawbacks. In particular, performing manual scanning takes a large amount of time. In addition, SMS methods require file shares to be open in order to perform scanning, which exposes the system to a potential security risk.
Determining the Internet Web sites visited by company personnel generally has been a time-consuming process involving the examination of uniform resource locators (URLs) kept by an Internet proxy. Because the Internet proxy logs contain information for all users, the volume of information far exceeds what is required to perform the necessary test work. Sifting through such a vast amount of information is burdensome and time-consuming. Furthermore, since users are able to change their Internet Protocol (IP) addresses, it often is difficult to use the logs to pinpoint a particular user for a given date and time.
Collecting and compiling data in a meaningful way also has been problematic. Typically, data is gathered from many diverse sources and processes throughout the system. Once the data has been collected, IT personnel must manually parse through it in order to glean useful information about the system. At times, IT personnel have created and used parsing programs; however, such parsing programs are of limited use due to the lack of standardization.
Previously, ensuring compliance for all servers and all workstations in the system has been accomplished by manually testing each machine. In addition to taking a long time to perform, such manual testing did not determine the version and/or operating system used on the machine.
Accordingly, systems and methods for assessing computer security are needed to overcome the deficiencies mentioned above.